Keycloak: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
(7 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
<source lang="bash"> | <source lang="bash"> | ||
apt update; apt list --upgradable; cd /opt/ | apt update; apt list --upgradable; cd /opt/ | ||
wget https://github.com/keycloak/keycloak/releases/download/ | wget https://github.com/keycloak/keycloak/releases/download/21.0.1/keycloak-21.0.1.tar.gz | ||
tar -xvzf keycloak- | tar -xvzf keycloak-21.0.1.tar.gz | ||
mv keycloak- | mv keycloak-21.0.1 keycloak | ||
</source> | </source> | ||
Line 86: | Line 86: | ||
image: postgres | image: postgres | ||
container_name: postgres | container_name: postgres | ||
extra_hosts: | |||
- "host.docker.internal:host-gateway" | |||
volumes: | volumes: | ||
- postgres_data:/var/lib/postgresql/data | - postgres_data:/var/lib/postgresql/data | ||
Line 118: | Line 120: | ||
- postgres | - postgres | ||
</source> | </source> | ||
==Knowledge== | |||
docker run --add-host=host.docker.internal:host-gateway\ | |||
--rm alpine ping host.docker.internal | |||
==References== | ==References== | ||
Line 135: | Line 141: | ||
| valign="top" | | | valign="top" | | ||
* [https://medium.com/devops-dudes/securing-spring-boot-rest-apis-with-keycloak-1d760b2004e Securing Spring Boot REST APIs with Keycloak] | * [https://medium.com/devops-dudes/securing-spring-boot-rest-apis-with-keycloak-1d760b2004e Securing Spring Boot REST APIs with Keycloak] | ||
* [https://packagist.org/packages/idci/keycloak-security-bundle IDCI Keycloak Security Bundle] | |||
* [https://dev.to/silentrobi/keycloak-custom-rest-api-search-by-user-attribute-keycloak-3a8c Keycloak Custom Rest Api] | * [https://dev.to/silentrobi/keycloak-custom-rest-api-search-by-user-attribute-keycloak-3a8c Keycloak Custom Rest Api] | ||
* [https://www.baeldung.com/spring-ejb Spring & EJB Integration] | * [https://www.baeldung.com/spring-ejb Spring & EJB Integration] | ||
* [https://www.keycloak.org/docs/latest/authorization_services/index.html#_enforcer_filter Keycloak Policy Enforcer] | |||
* [https://github.com/eugenp/tutorials/tree/master/spring-ejb Spring & EJB Example] | * [https://github.com/eugenp/tutorials/tree/master/spring-ejb Spring & EJB Example] | ||
* [[OAuth2]] | |||
* [[OAuth]] | |||
* [[LDAP]] | |||
* [[JWT]] | |||
|} | |} |
Latest revision as of 03:07, 19 March 2023
apt update; apt list --upgradable; cd /opt/
wget https://github.com/keycloak/keycloak/releases/download/21.0.1/keycloak-21.0.1.tar.gz
tar -xvzf keycloak-21.0.1.tar.gz
mv keycloak-21.0.1 keycloak
Permission
groupadd keycloak
useradd -r -g keycloak -d /opt/keycloak -s /sbin/nologin keycloak
chown -R keycloak: /opt/keycloak/
chmod o+x /opt/keycloak/bin/
mkdir /etc/keycloak
cp /opt/keycloak/docs/contrib/scripts/systemd/wildfly.conf /etc/keycloak/keycloak.conf
cp /opt/keycloak/docs/contrib/scripts/systemd/launch.sh /opt/keycloak/bin/
chown keycloak: /opt/keycloak/bin/launch.sh
nano /opt/keycloak/bin/launch.sh
Config
#!/bin/bash
if [ "x$WILDFLY_HOME" = "x" ]; then
WILDFLY_HOME="/opt/keycloak"
fi
if [[ "$1" == "domain" ]]; then
$WILDFLY_HOME/bin/domain.sh -c $2 -b $3
else
#$WILDFLY_HOME/bin/standalone.sh -c $2 -b $3
$WILDFLY_HOME/bin/standalone.sh -c $2 -b $3 -bmanagement=0.0.0.0
fi
Service
cp /opt/keycloak/docs/contrib/scripts/systemd/wildfly.service /etc/systemd/system/keycloak.service
nano /etc/systemd/system/keycloak.service
[Unit]
Description=The Keycloak Application Server
After=syslog.target network.target
Before=httpd.service
[Service]
Environment=LAUNCH_JBOSS_IN_BACKGROUND=1
EnvironmentFile=/etc/keycloak/keycloak.conf
User=keycloak
Group=keycloak
LimitNOFILE=102642
PIDFile=/var/run/keycloak/keycloak.pid
ExecStart=/opt/keycloak/bin/launch.sh $WILDFLY_MODE $WILDFLY_CONFIG $WILDFLY_BIND
StandardOutput=null
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl enable keycloak
systemctl start keycloak
systemctl status keycloak
tail -f /opt/keycloak/standalone/log/server.log
ssh [email protected] -L 8080:localhost:8080 -L 9990:localhost:9990 http://localhost:8080/ http://localhost:9990/
Docker Compose
docker-compose -f ./docker-compose.yml up -d
version: '3'
volumes:
postgres_data:
driver: local
services:
postgres:
image: postgres
container_name: postgres
extra_hosts:
- "host.docker.internal:host-gateway"
volumes:
- postgres_data:/var/lib/postgresql/data
environment:
POSTGRES_DB: keycloak
POSTGRES_USER: keycloak
POSTGRES_PASSWORD: password
pgadmin:
container_name: pgadmin
image: dpage/pgadmin4
environment:
PGADMIN_DEFAULT_EMAIL: ${PGADMIN_DEFAULT_EMAIL:[email protected]}
PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_DEFAULT_PASSWORD:-admin}
ports:
- "5050:80"
restart: unless-stopped
keycloak:
image: jboss/keycloak:7.0.1
container_name: keycloak
environment:
DB_VENDOR: POSTGRES
DB_ADDR: postgres
DB_DATABASE: keycloak
DB_USER: keycloak
DB_SCHEMA: public
DB_PASSWORD: password
KEYCLOAK_USER: admin
KEYCLOAK_PASSWORD: Pa55w0rd
ports:
- 8090:8080
depends_on:
- postgres
Knowledge
docker run --add-host=host.docker.internal:host-gateway\ --rm alpine ping host.docker.internal